
WebDAV XML handling vs. external entities

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 19 Jun 2002 09:31:24 +0200
To: <w3c-dist-auth@w3c.org>
Message-ID: <JIEGINCHMLABHJBIGKBCEELBEMAA.julian.reschke@gmx.de>

Hi,

there was recently an xml-dev thread about security problems allowing
arbitrary XML in protocols (see for instance [1]).

As WebDAV doesn't need resolution of external entities / DTD validation, I'd
suggest to specify that servers and clients MUST NOT resolve external
entities, that is, MUST reject any WebDAV protocol message that contains
external entities.

Feedback appreciated.



[1] <http://lists.xml.org/archives/xml-dev/200206/msg00247.html>
Received on Wednesday, 19 June 2002 03:31:55 GMT
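
The check proposed in the message above, sketched as an added example that is not part of the original post or of any WebDAV implementation. It assumes Python's standard expat binding; the names check_webdav_body and classify and the sample request bodies are constructed for illustration.

```python
import xml.parsers.expat as expat


class ExternalEntityError(ValueError):
    """The message body declares or references an external entity."""


def check_webdav_body(body: bytes) -> None:
    """Parse body; raise ExternalEntityError on an external DTD subset,
    an external entity declaration or an external entity reference."""
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE x SYSTEM "..."> or PUBLIC "..." names an external subset.
        if system_id is not None or public_id is not None:
            raise ExternalEntityError(f"external DTD subset on DOCTYPE {name}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external and unparsed
        # entities carry a system/public identifier and no value.
        if value is None:
            raise ExternalEntityError(f"external entity declaration: {name}")

    def on_external_ref(context, base, system_id, public_id):
        raise ExternalEntityError("external entity reference")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(body, True)  # nothing is fetched; handlers only inspect


def classify(body: bytes) -> str:
    """Return 'ok', 'external-entity' or 'malformed' for a request body."""
    try:
        check_webdav_body(body)
    except ExternalEntityError:
        return "external-entity"
    except expat.ExpatError:
        return "malformed"
    return "ok"


# Constructed sample bodies (not taken from any real traffic).
PROPFIND_OK = (b'<?xml version="1.0" encoding="utf-8"?>'
               b'<D:propfind xmlns:D="DAV:"><D:prop><D:getcontentlength/>'
               b'</D:prop></D:propfind>')
EXTERNAL_ENTITY = (b'<!DOCTYPE propfind [<!ENTITY ext SYSTEM '
                   b'"http://example.invalid/constructed.ent">]>'
                   b'<propfind xmlns="DAV:"><prop>&ext;</prop></propfind>')
EXTERNAL_DTD = (b'<!DOCTYPE propfind SYSTEM "http://example.invalid/x.dtd">'
                b'<propfind xmlns="DAV:"><allprop/></propfind>')
```

The handlers reject at declaration time, so the message is refused even when the declared entity is never referenced in the body.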
